#!/usr/bin/env bash
# onx-php-system-ini-write — System-level PHP INI directives yaz (per-version).
#
# /etc/opt/remi/php{VER}/php.d/99-onox-system.ini'ye yazar. FPM reload tetikler.
# Yeni dosya — directive'leri override eder (99 priority son yüklenir).
#
# Input (stdin JSON):
#   {
#     "version": "8.2",
#     "directives": {
#       "memory_limit": "256M",
#       "max_execution_time": 60,
#       "upload_max_filesize": "64M",
#       "post_max_size": "64M",
#       "max_input_vars": 1000,
#       "display_errors": "Off",
#       "log_errors": "On",
#       "date.timezone": "Europe/Istanbul",
#       "expose_php": "Off",
#       "session.cookie_httponly": "On",
#       "session.cookie_secure": "On",
#       ...
#     }
#   }
#
# Output: {"version":"...", "ini_file":"/etc/.../99-onox-system.ini", "directives_count":N, "syntax_ok":true, "reloaded":true}

set -euo pipefail

# Locate the shared helper library relative to the real script path
# (readlink -f resolves symlinks) and load it.
SCRIPT_DIR="$(dirname "$(readlink -f "$0")")"
source "${SCRIPT_DIR}/_lib/common.sh"

# This helper writes under /etc and reloads a service, so it must run as root.
require_root

# The whole request arrives as one JSON document on stdin.
INPUT=$(cat)
onx_require_json "${INPUT}"

VERSION=$(onx_json_get "${INPUT}" "version")
if [[ -z "$VERSION" ]]; then
    onx_die 1 "version zorunlu"
fi

# Only "<7-9>.<digits>" is accepted. VERSION is interpolated into a
# filesystem path and a systemd unit name below, so this pattern is what
# keeps slashes, dots-dots and other path characters out of them.
if [[ ! "$VERSION" =~ ^[7-9]\.[0-9]+$ ]]; then
    onx_die 1 "Gecersiz version"
fi

# "8.2" -> "82": the per-version paths and the unit name use the dotless form.
VERSION_NODOT="${VERSION//./}"
INI_DIR="/etc/opt/remi/php${VERSION_NODOT}/php.d"
INI_FILE="${INI_DIR}/99-onox-system.ini"
FPM_UNIT="php${VERSION_NODOT}-php-fpm"

# A missing php.d directory means this PHP version is not installed.
if [[ ! -d "$INI_DIR" ]]; then
    onx_die 2 "INI dizini yok: $INI_DIR (PHP ${VERSION} kurulu mu?)"
fi

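# Flatten the "directives" object into one "key=value" line per entry.
#
# The lines are consumed later by a line-oriented reader that validates each
# line on its own. jq -r prints strings raw, so an entry whose key or value
# contains a line break would turn into several lines and each fragment would
# be validated and written as if it were a separate directive. Such entries
# are rejected here, before anything is written:
#   - "directives" must be a JSON object,
#   - values must not be objects or arrays (they would be emitted as JSON text),
#   - keys must not contain "=" (the reader splits on the first "="),
#   - neither key nor string value may contain CR or LF.
DIRECTIVES=$(jq -r '
    (.directives // {}) as $d
    | if ($d | type) != "object" then error("directives must be an object") else $d end
    | to_entries[]
    | (.value | type) as $t
    | (.key + "=" + (if $t == "string" then .value else "" end)) as $text
    | if $t == "object" or $t == "array" then
          error("directive value must be a scalar")
      elif (.key | contains("=")) or ($text | contains("\n")) or ($text | contains("\r")) then
          error("directive must fit on one key=value line")
      else
          "\(.key)=\(.value)"
      end
' <<< "$INPUT") || onx_die 1 "directives geçersiz: her değer tek satırlık skaler olmalı"

# No entries at all (missing, null or empty object) is a caller error.
if [[ -z "$DIRECTIVES" ]]; then
    onx_die 1 "directives boş veya geçersiz JSON object"
fi

onx_log "php-system-ini-write: version=${VERSION} file=${INI_FILE}"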

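# Keep a timestamped copy of the file that is about to be replaced.
# The copy's name does not end in ".ini".
if [[ -f "$INI_FILE" ]]; then
    cp -a -- "$INI_FILE" "${INI_FILE}.bak-$(date +%Y%m%d%H%M%S)"
fi

# Build the complete file content in memory first, so validation and logging
# happen before the live file is touched.
INI_CONTENT=(
    "; ONOXSOFT Panel — System PHP INI (auto-generated)"
    "; Generated: $(date -Iseconds)"
    "; Version: PHP ${VERSION}"
    "; DO NOT EDIT MANUALLY — admin panel writes this file."
    "; To override per-pool, use pool conf php_admin_value[]."
    ""
)

# Characters refused inside a value: backslash, dollar, backtick, < and >.
# NOTE(review): this is a denylist; ";" and double quotes still pass and have
# meaning in INI syntax — confirm whether callers need them.
VALUE_DENY_RE='[\\$`<>]'

# NOTE(review): keys are checked for shape only, not against a list of
# permitted directives, so any syntactically valid directive the caller sends
# is written system-wide. Confirm the calling panel restricts who can send
# which keys.
while IFS='=' read -r ini_key ini_value; do
    [[ -z "$ini_key" ]] && continue
    # Key must start with a letter and contain only letters, digits, "_" and ".".
    if [[ ! "$ini_key" =~ ^[a-zA-Z][a-zA-Z0-9_.]*$ ]]; then
        # The rejected key is untrusted text, so it is not echoed into the log.
        onx_log "php-system-ini-write: skipped a directive with an invalid key"
        continue
    fi
    if [[ "$ini_value" =~ $VALUE_DENY_RE ]]; then
        onx_log "php-system-ini-write: skipped ${ini_key} (value contains a rejected character)"
        continue
    fi
    INI_CONTENT+=("${ini_key} = ${ini_value}")
done <<< "$DIRECTIVES"

# Write to a temporary file in the same directory and rename it into place.
# Redirecting straight into the live file truncates it first, so a failed
# write (full disk, I/O error) would leave PHP with a half-written config.
# The temporary name does not end in ".ini"; NOTE(review): this relies on PHP
# only loading *.ini from the scan directory, as the .bak-* copies already do.
TMP_INI=$(mktemp "${INI_FILE}.tmp.XXXXXX") \
    || onx_die 2 "Gecici dosya olusturulamadi: ${INI_DIR}"

if ! printf '%s\n' "${INI_CONTENT[@]}" > "$TMP_INI"; then
    rm -f -- "$TMP_INI"
    onx_die 2 "INI dosyasi yazilamadi: ${INI_FILE}"
fi

# mktemp creates the file 0600; make it world-readable before it goes live so
# non-root PHP processes never see an unreadable config.
if ! { chmod 0644 "$TMP_INI" && mv -f -- "$TMP_INI" "$INI_FILE"; }; then
    rm -f -- "$TMP_INI"
    onx_die 2 "INI dosyasi yazilamadi: ${INI_FILE}"
fi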

# Ownership and mode: root-owned, writable by root only, readable by everyone.
chown root:root "$INI_FILE"
chmod 0644 "$INI_FILE"

# Where chcon exists, label the file etc_t. This is best effort: a failure
# (for example on a host without SELinux enabled) is deliberately ignored.
if command -v chcon &>/dev/null; then
    chcon -t etc_t "$INI_FILE" 2>/dev/null || :
fi

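# Syntax test: start the versioned CLI once so it parses its INI files.
# The previous form discarded stderr and looked at the exit status only.
# NOTE(review): PHP appears to report INI parse errors on stderr at startup
# while still exiting 0 — confirm on the installed builds. stderr is therefore
# captured and inspected, so syntax_ok does not report true for a file the
# interpreter complained about.
PHP_BIN="/usr/bin/php${VERSION_NODOT}"
SYNTAX_OK="false"
PHP_STDERR=""
if PHP_STDERR=$("$PHP_BIN" --rf phpinfo 2>&1 >/dev/null); then
    if grep -qi 'syntax error' <<< "$PHP_STDERR"; then
        onx_log "php-system-ini-write: PHP reported an INI syntax error after writing ${INI_FILE}"
    else
        SYNTAX_OK="true"
    fi
fi

# Reload FPM so running pools pick up the new values. Only an active unit is
# touched; a stopped service is left stopped.
# NOTE(review): the reload is not gated on SYNTAX_OK and nothing restores the
# .bak-* copy when the check fails — decide whether a failed check should
# roll back instead of reloading.
RELOADED="false"
if systemctl is-active --quiet "${FPM_UNIT}" 2>/dev/null; then
    if systemctl reload "${FPM_UNIT}" 2>/dev/null; then
        RELOADED="true"
    else
        # A restart interrupts in-flight requests, so leave a trace of it.
        onx_log "php-system-ini-write: reload of ${FPM_UNIT} failed, trying restart"
        if systemctl restart "${FPM_UNIT}" 2>/dev/null; then
            RELOADED="true"
        fi
    fi
fi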

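# Report how many directives actually ended up in the file, not how many were
# submitted: entries that fail key/value validation are skipped by the writer,
# and counting the input would tell the caller they were applied.
# Directive lines have the form "<key> = <value>"; header lines start with ";".
#
# grep -c prints "0" and exits 1 when nothing matches. The earlier
# "|| echo 0" then appended a second "0", producing a two-line value that
# jq --argjson rejects; "|| true" keeps the single number grep printed.
DIRECTIVE_COUNT=$(grep -c -E '^[a-zA-Z][a-zA-Z0-9_.]* = ' -- "$INI_FILE" || true)
# grep prints nothing if the file cannot be read; fall back to 0 so the
# --argjson below still receives valid JSON.
DIRECTIVE_COUNT=${DIRECTIVE_COUNT:-0}

# Build the result object with jq so every string is JSON-escaped.
# count/syntax_ok/reloaded are passed with --argjson and therefore appear as
# a number and booleans rather than strings.
RESULT_JSON=$(jq -n \
    --arg version "$VERSION" \
    --arg ini_file "$INI_FILE" \
    --argjson count "$DIRECTIVE_COUNT" \
    --argjson syntax_ok "$SYNTAX_OK" \
    --argjson reloaded "$RELOADED" \
    '{version:$version, ini_file:$ini_file, directives_count:$count,
      syntax_ok:$syntax_ok, reloaded:$reloaded}')

json_ok "$RESULT_JSON"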
